Black Hat presentations represent some of the highest-quality, most cutting-edge research in the security community. The bar for Black Hat talks is higher than at other popular information security conferences, and as such, some of the most interesting things you’ll hear all year in the infosec community come out of Vegas.

The ZeroFOX Research team will be presenting a slew of our own research, which you can check out here, but we wanted to highlight the presentations we’re most excited about attending.

Session Title: Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game
Presenter: Kelly Shortridge
Time: Wednesday, July 26 2:40pm-3:30pm
Location: Mandalay Bay GH
Why We’re Excited:
This presentation promises to be an interesting twist on the theory-based game theory explanations that have traditionally been viewed as the underpinning for computing security. Expect experimentally validatable results that describe how attackers and defenders interact! As Daniel Kahneman did for economics, perhaps Kelly can bring some human realities to the foundational assumptions of our industry.

Session Title: Practical Tips for Defending Web Applications in the Age of DevOps
Presenter: Zane Lackey
Time: Thursday, July 27th, 11am-11:50am
Location: Lagoon DEFJKL
Why We’re Excited:
The Secure Software Development Lifecycle (SSDLC) has been a staple of any well-established engineering team for over a decade, but even the pros are having problems adapting to the influx of new tools that are emerging continuously as part of the DevOps revolution. In this talk we look forward to hearing some common SSDLC ‘lessons learned’ when integrating Agile, DevOps, and CI/CD into a web application development stack. We’re also excited to see if any of the advice given can generalize to the multitude of organizations that are trying to secure these facets of their engineering daily.

Session Title: Game of Chromes: Owning the Web with Zombie Chrome Extensions
Presenter: Tomer Cohen
Time: Thursday, July 27, 12:10pm-1:00pm
Location: Lagoon ABCGHI
Why We’re Excited:
From troll factories to misinformation machines to follower farms to nonsense spammers to political censors to sex scams to Star Wars quote generators, botnets have earned quite the reputation on social media. They come in all shapes and sizes, display different behaviors and strive towards different end goals. In this upcoming talk, we’re excited to hear what Tomer has to say about the Facebook-based botnet attack his company fended off earlier this year. He’ll describe similar tactics that he was able to apply to distribute malicious payloads and “create the web’s most powerful botnet ever”. We’re excited to see how bot distribution via social login relates to the type of bot activity we’ve observed in our own research. Lastly, the timing of the GoT reference in the title isn’t lost on us either, as we eagerly await the next episode of Season 7. A Lannister always pays his bots?

Session Title: How We Created the First SHA-1 Collision and What It Means for Hash Security
Presenter: Elie Bursztein
Time: Wednesday, July 26, 1:30pm-2:20pm
Location: South Seas CDF
Why We’re Excited:
Many companies (including social networks!) use SHA-1 digests to store data. For example, GitHub uses it as a unique ID for each commit. The ability to create hash collisions means people can replace benign content with maliciously generated content, and automated processes won’t detect it. We’re looking forward to seeing how quickly this attack vector will be feasible for malicious actors and what is being done to proactively defend against it.